Slashdot Mirror

← Back to Stories (view on slashdot.org)

Symantec: Hacking Group Black Vine Behind Anthem Breach

Posted by samzenpus on from the protect-ya-neck dept.

itwbennett writes: Symantec said in a report that the hacking group Black Vine, which has been active since 2012 and has gone after other businesses that deal with sensitive and critical data, including organizations in the aerospace, technology and finance industries, is behind the hack against Anthem. The Black Vine malware Mivast was used in the Anthem breach, according to Symantec.

18 comments

  1. HealthInsurance Company Fail by Virtucon · · Score: 3, Interesting

    In other news, Anthem is going to acquire Cigna. Now all those Cigna customers can get the same high-quality data protection and HIPPA compliance that all Anthem customers enjoy. Of course Anthem will only pay a paltry fine for not protecting customer information and will in return provide one year of "credit monitoring" to those affected by their stupidity.

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"
    1. Re: HealthInsurance Company Fail by Anonymous Coward · · Score: 0

      *HIPAA

    2. Re:HealthInsurance Company Fail by Sir+Holo · · Score: 1

      Now all those Cigna customers can get the same high-quality data protection and HIPPA compliance that all Anthem customers enjoy.

      Anthem breaks HIPAA rules all the time.

      I'd share my own experiences, but only as AC.

    3. Re:HealthInsurance Company Fail by GrooveNeedle · · Score: 1

      Please share, I'd love to hear about your experiences with HIPAA violations.

    4. Re:HealthInsurance Company Fail by antdude · · Score: 1

      And former Cigna customers too?

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  2. Black Vine? by Anonymous Coward · · Score: 0

    Are they anything like Black Twitter?

    1. Re:Black Vine? by Anonymous Coward · · Score: 0

      The are "Researchers" Cut them some slack.

      After all, Anthem left their door unlocked so by Slashdot reasoning, they

      1. Had it coming
      2. Invited it.
      3, Can't whine.
      4. Hackers can't be held responsible.
      5. Hackers shouldn't not be punished.

  3. Nothing exposed to the Internet is private. by ErichTheRed · · Score: 3, Interesting

    I've been doing desktop computing stuff for ages, and one of the things you need to take into account is this -- Nothing will ever stop one idiot end user from double-clicking on an attachment, following a link to a cat video, or giving their password to someone over the phone. This could be anyone from the CEO (actually, more likely to be them...) to the lowliest call center person working on what you think is a locked down desktop/Citrix session. Microsoft has gotten better over the years by making the OS and applications usable by a non-administrator, but that's only one piece of the problem. Most large organizations have a hard time patching regular vulnerabilities in their OSes, let alone emergency patching a zero day exploit.

    I've always wondered when companies are going to just say "screw it" and give workers back the 2015 version of a green screen terminal to do their work on. VDI is vulnerable, Citrix is -very- vulnerable, and standalone desktops are extremely hard to secure. These "security researchers" have way more resources than an overburdened, understaffed, underfunded and often outsourced IT department. Most companies can't afford to re-architect their network in a "trust-nothing" fashion, or don't want to pay for it because IT is seen as a cost center. What makes this worse is that companies get away with it all the time -- as long as they have their PCI and/or HIPAA audit box checked, they can shrug their shoulders and say "we're powerless to stop them, see, we did everything you asked!" Then, their insurance just pays off the credit card companies and it's business as usual again until the next big hack.

    When you can "fix" a security problem by giving away a useless credit monitoring service, there's no incentive to fix the problem.

    1. Re:Nothing exposed to the Internet is private. by The-Ixian · · Score: 1

      Nothing will ever stop one idiot end user from double-clicking on an attachment

      This is the scenario that keeps me up at night. Here are the steps I have taken in our network:

      - Block Java and Flash for all users using kill bits
      - Block executables at the firewall
      - Block all VBA containing docs at the firewall
      - Use Geo-IP rules to block e-mail from countries we don't do business in
      - Use OpenDNS
      - Use SEP to block executables from removable media
      - Stay on top of web and e-mail content filtering rules
      - Stay on top of security updates
      - Monitor e-mail reports every day for trends
      - Perform regular phishing tests against our users

      I am seriously considering implementing application whitelisting as well.

      --
      My eyes reflect the stars and a smile lights up my face.
    2. Re:Nothing exposed to the Internet is private. by Anonymous Coward · · Score: 0

      You can't make anything fool-proof because fools are so ingenious.

  4. Narrow fingers of blame? by bbsguru · · Score: 4, Interesting

    Interesting that we seem to be overlooking the 'rest of the story':
    That the United, Anthem, and OPM breaches are ALL blamed on the same actors.
    So we now have a cool name ('Black Vine') to supplant "Chinese State Sponsored Hackers".
    I suppose that will make it easier to report without offending our good friend China, right?

  5. de haxx0rz dunnit by Anonymous Coward · · Score: 0

    like this is hollywood or something

  6. Obviously Chinese Espionage by MightyDrunken · · Score: 2

    I found the "Elderwood Framework" document interesting. A number of different hacker groups, including Black Vine had access to a surprisingly high number of zero day exploits. Looking at the primary targets defence, aeronautics, engineering, energy in the US and NGOs in Taiwan, Hong Kong and China, it makes sense that it is Chinese backed.

    All the zero day exploits were IE, Flash and one Windows (XML core services).

    --
    The most dangerous drug
    1. Re:Obviously Chinese Espionage by ColdWetDog · · Score: 1

      Look, why does everyone think China is involved? Just because the IP addresses point in that direction? Weak sauce. Here is a much more nuanced way to look at things. Yeah, they use China IP addresses. But much of the high tech part of China is on the eastern coast. This is part of the Pacific Ring of Fire, a whole bunch of active and extinct volcanoes ringing the Pacific Ocean.

      Now, there aren't a whole lot of fiber optic cables that run directly to volcanoes. The business case really isn't there. So, if you are an evil villain bent on world domination, holed up in said geologic structure, where would you get Internet access from? AT&T? Comcast? Nope. You're neighbors in friendly, capitalistic China. You can even pull some plausible deniability out of it.

      Come on guys, think harder. What kind of world do you want to see? Millions of plastic knick knacks at Wal-Mart.

      Or sharks with lasers.

      --
      Faster! Faster! Faster would be better!